Personalized Event Data
Snowflake | Updated: 2021-12-20 | Indexed: 2024-05-01
Download link:
https://app.snowflake.com/marketplace/listing/GZT0ZOIH7SC
Resource description:
Organizations implementing continuous authentication and Zero Trust principles need to understand who and what devices are accessing sensitive SaaS resources and the security posture of those devices.
Beyond Identity links identity to device, allowing these organizations to validate not just the identity, but the authenticating device’s security posture.
With Beyond Identity, customers own their authentication data. Beyond Identity’s personalized data on the Snowflake Marketplace offers near real-time data about the users and devices attempting to access your critical cloud resources across applications. Leveraging Beyond Identity’s event data, security teams can ensure only secured devices and authorized users access company data. This can help stop all password-based attacks, block lateral movement, and improve threat detection and incident response.
Beyond Identity continuously gathers data concerning the security posture of registered devices and forces their adherence to organizational device security policies. Real-time risk-based authentication is informed by dozens of user and device risk signals during each login - enabling customers to enforce continuous, dynamic access control across the cloud applications and resources used to operate your organization.
By leveraging personalized Beyond Identity Event logs, security teams get:
Strong Authentication
Beyond Identity eliminates passwords as an authentication method and cryptographically binds user identity to the device via the secure TPM hardware on the device. This eliminates credential-based attacks and provides a very high assurance of the user identity before allowing access to critical SaaS resources.
Granular Risk Signals and Immutable Logs
Beyond Identity captures granular device security posture data at the exact time of login such as operating system version, security software state, and device type. Authentication event data is captured and aggregated in the Beyond Identity Administrative Portal for every login attempt.
Identify Risky Users
Beyond Identity stops unauthorized users and rejects devices from authentication if they do not meet an organization’s security requirements. Unauthorized devices that are not bound to a valid identity are stopped from authenticating.
Track Admin Activity
Administrative audit of all new configuration events such as user and device additions, group creations and changes, and policy additions and updates.
Sample Tables
- EVENTS_LOG
Sample Fields
- EVENT_ID
- EVENT_CORRELATION_ID
- EVENT_OCCURRED_TIMESTAMP
- EVENT_TYPE
- EVENT_DETAIL
- CERTIFICATE__FINGERPRINT
- CERTIFICATE__ID
- CERTIFICATE__STATUS
- CERTIFICATE__TYPE_NAME
- USER__EMAIL
- USER__STATUS
Provider:
Beyond Identity
Created:
2021-12-08
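Collected Summary
Dataset Introduction

Background and Challenges
Background Overview
This dataset provides near real-time user and device authentication event logs collected by the Beyond Identity platform, including fields such as device security state and login behavior, for implementing passwordless strong authentication and dynamic access control. By binding user identity to the device's hardware security module, it helps enterprises block credential attacks and monitor high-risk access behavior.
The above content was collected and summarized by 遇见数据集.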



